Steps for Evaluating an Infection Control Breach

Figure 1. Approach to an infection control breach with potential risk of bloodborne pathogen transmission*

  • Identify the nature of the breach, type of procedure, and biologic substances involved
  • Review the recommended reprocessing methods or aseptic technique
  • Institute corrective action as early as possible
  • Determine the time frame of the breach and number of patients who were exposed
  • Identify exposed patients with evidence of HBV, HCV, or HIV infections through medical records and/or public health surveillance data
  • Conduct literature review and consult experts
  • Infection control professionals
  • Risk management
  • Local and State health departments
  • Affected healthcare providers
  • Licensing or other regulatory agencies, if appropriate

If possible, classify breach as Category A or B:

  • Category A involves a gross error or demonstrated high-risk practice
  • Category B involves a breach with lower likelihood of blood exposure
  • If Category A, Patient notification and testing is warranted
  • If Category B, Consider the following factors in the decision:
  • Develop communication materials
  • Consider post-exposure prophylaxis if appropriate
  • Determine who will conduct testing, obtain consent, and/or perform counseling, if appropriate
  • Determine if follow-up testing needed
  • Facilitate public inquiry and communication
  • Address media and legal issues

* (assumes no known cases of bloodborne pathogen transmission as a result of the breach)
Download the above information in PDF format pdf icon[PDF – 1.57 MB]

  1.  Identification of infection control breach Depending on the procedure(s), device(s), or practice(s) involved, an infection control breach may result in exposure to body fluids, tissues, or other biologic substances. The types of potentially infectious substances that could have been harbored on the contaminated instrument or device should be determined. The body surfaces or spaces (e.g., mucosal membranes, solid organs or tissues, blood vessels) of exposed patients expected to come in contact with the contaminated device should also be identified.
    Recommendations for safe injection practices and handling of injectable medications are provided in the Standard Precautions section of the Healthcare Infection Control Practices Advisory Committee Guideline for Isolation Precautions.1 For breaches involving an instrument or device, the manufacturer’s instructions for use and recommended reprocessing methods should be reviewed and the degree to which the breach deviated from these recommendations should be determined. The nature of the breach should be assessed relative to recommended practice to better understand the extent of the breach and its potential impact on overall disinfection and sterilization or aseptic technique. For example, the evaluation should include whether key steps in reprocessing of a device were completely omitted or performed, but in a suboptimal manner.
    Direct observation of practices that may have led to the breach should be conducted along with interviews of involved healthcare staff regarding their practices. It should be noted that observed practices may not reflect procedures at the time of the breach, and fear of retaliation may reduce the reliability of staff interviews in certain situations. Records of healthcare equipment disinfection procedures may be available to provide specific information on reprocessing methods that were followed. If a breach appears to be ongoing, procedures should be halted until a plan can be implemented to correct the infection control lapse. Once implemented, the plan of action should be rapidly assessed to determine whether the expected changes have occurred.
  2. Additional data gathering The timeframe during which the breach occurred should be determined based on staff interviews and review of instrument reprocessing, procedure, or employee records. The exposure timeframe may correspond to the dates of employment of a particular healthcare provider whose individual practices are in question, the dates a specific procedure was performed, or the period of time during which there was a known breach-as indicated by staff interviews or reprocessing records. After discerning the likely onset and duration of the breach, an attempt should be made to determine which patients were exposed to the procedure or practices impacted by it.
    If available, the individual patient-level bloodborne pathogen infection status should be examined. The list of affected patients can be cross-referenced against public health surveillance case reports and medical records reviewed to identify new HCV, HBV, or HIV infections that may have resulted from the exposure. Evidence of liver transaminase elevations from medical chart reviews is potentially useful in identifying patients with undiagnosed HBV or HCV infections. These activities might also be used to identify previously infected patients who could have served as a source for transmission. However, it should be noted that many exposed patients might never have been tested for bloodborne pathogens prior to the exposure. If cases of bloodborne pathogen transmission that resulted from the breach are identified or suspected, a more detailed epidemiologic and laboratory investigation is warranted (not described here).
  3. Notify and involve key stakeholders Key partners will vary depending on the situation but should be identified and engaged as early as possible. Parties to consider involving include: infection control practitioners and hospital epidemiologists from the involved facilities; representatives of facility risk-management teams; affected State and local health departments; affected healthcare providers; and licensing or other regulatory agencies, if appropriate. Occasional infection control breaches have been reported in the context of medical malpractice or substance abuse by healthcare providers. Such factors might influence transmission or complicate an investigation.
  4. Qualitative assessment of breach Based on the nature of the breach, its deviation from recommended practices, and additional information gathered-a qualitative assessment of the breach should be made. “Category A” errors correspond to gross mistakes in infection control practices, typically with identifiable risk. The risk assessment is based on documented bloodborne pathogen transmission in association with similar practices in the past, or the observed or very high likelihood of blood exposure as a result of the breach. Examples of Category A errors include: 1) reuse of needles or syringes between patients; and 2) reuse of contaminated syringes to access multi-dose medication vials or intravenous fluid bags.
    “Category B” errors correspond to breaches of infection control where the likelihood of blood exposure resulting from the breach is uncertain, but thought to be less than would occur with a Category A breach. Examples of Category B errors include: 1) colonoscope reprocessing performed with incorrect disinfectant solutions or those performed with a shorter duration than is recommended by the manufacturer; 2) prostate biopsy probes and needles that were sterilized but the retained tissue was not physically removed from biopsy probe channel. Individuals and healthcare facilities that are called upon to make these assessments are encouraged to solicit input from experts and stakeholders.
  5. Decision regarding patient notification and testing For Category A breaches, patient notification and testing is warranted. In these breaches, an identifiable or significant risk of bloodborne pathogen transmission exists and should be considered to outweigh the potential harms of patient notification and testing. For Category B breaches, the decision to notify and/or test patients should be based on a number of factors including the information gathered and assessment of the breach and should involve key stakeholders. Public concern and perceived risk in the community or among exposed individuals may also be factors and should be addressed regardless of decisions for or against patient testing. If a decision is made to test for bloodborne pathogens in the context of an infection control breach, testing for HBV, HCV, and HIV should be offered.
  6. Communications and logistical issues Ideally, a consensus should be reached among stakeholders regarding notification decisions and a uniform message should be conveyed. The key partners should agree upon a method of notification and identify the party primarily responsible for notifying patients. Several logistical and other issues should be considered and addressed in conjunction with the decision-making process. If the nature and timing of the breach warrant it, post-exposure prophylaxis for HIV and HBV should be considered and delivered rapidly to consenting patients. This should be performed in accordance with Centers for Disease Control and Prevention (CDC) recommendations.2,3 Serologic tests conducted for baseline and follow-up testing should adhere to CDC guidelines developed for management of occupational exposures to HBV, HCV, and HIV.2 Public inquiry and communication of public health messages should be facilitated through telephone hotlines, internet web postings, press releases, direct patient mailings, or other means. Potential media and legal issues should be anticipated.

 Top of Page

  1. Siegel JD, Rhinehart E, Jackson M, Chiarello L, and the Healthcare Infection Control Practices Advisory Committee. 2007 Guideline for Isolation Precautions: Preventing Transmission of Infectious Agents in Healthcare Settings, June 2007.
  2. CDC. Updated U.S. Public Health Service Guidelines for the Management of Occupational Exposures to HBV, HCV, and HIV and Recommendations for Postexposure Prophylaxis. MMWR Morb Mortal Wkly Rep 2001;50(RR-11):1-42.
  3. CDC. Updated U.S. Public Health Service Guidelines for the Management of Occupational Exposures to HIV and Recommendations for Postexposure Prophylaxis. Updated PEP recommendations. MMWR Morb Mortal Wkly Rep 2005;54(RR-9):1-17.